Vulnerabilities in FreeBSD, IPnet and Nucleus NET related to errors in the implementation of DNS compression.

The research teams at Forescout Research Labs and JSOF Research have published the results of a joint security study of various implementations of the compression scheme used to pack duplicate names in DNS, mDNS, DHCP and IPv6 RA messages (packing repeated domain parts in messages that include several names). In the course of the work, 9 vulnerabilities were identified, grouped under the code name NAME:WRECK.

Issues were found in FreeBSD, as well as in the IPnet, Nucleus NET and NetX network stacks, which are widespread in the VxWorks, Nucleus and ThreadX real-time operating systems used in automation devices, storage, medical devices, avionics, printers and consumer electronics. It is estimated that at least 100 million devices are affected by the vulnerabilities.

  • The vulnerability in FreeBSD (CVE-2020-7461) made it possible for an attacker on the same local network as the victim to arrange code execution by sending a specially crafted DHCP packet, the processing of which by the vulnerable DHCP client led to a buffer overflow. The issue is mitigated by the fact that the dhclient process containing the vulnerability runs with dropped privileges in an isolated Capsicum environment, so another vulnerability has to be found to escape it.

    The essence of the bug is incorrect checking of parameters in the packet returned by the DHCP server with DHCP option 119, which allows a "domain search" list to be passed to the resolver. Incorrect calculation of the buffer size needed to hold the unpacked domain names led to attacker-controlled data being written beyond the allocated buffer. In FreeBSD, the problem was fixed in September of last year. The problem can be exploited only with access to the local network.

  • The vulnerability in the embedded IPnet network stack used in the VxWorks RTOS allows potential code execution on the DNS client side due to incorrect handling of DNS message compression. As it turned out, this vulnerability was first identified by Exodus in 2016, but it was never fixed. A new request to Wind River also went unanswered, and IPnet devices remain vulnerable.
  • Six vulnerabilities were identified in the Nucleus NET TCP/IP stack, which is supported by Siemens; two of them can lead to remote code execution and four can lead to denial of service. The first dangerous problem is related to an error when unpacking compressed DNS messages, and the second is related to incorrect parsing of domain name labels. Both problems lead to a buffer overflow when processing specially crafted DNS responses.

    To exploit the vulnerabilities, an attacker only needs to send a specially crafted response to any legitimate request sent from a vulnerable device, for example by carrying out a MITM attack and intercepting traffic between the DNS server and the victim. If the attacker has access to the local network, they can launch a DNS server that tries to attack problematic devices by sending mDNS requests in broadcast mode.

  • The vulnerability in the NetX network stack (Azure RTOS NetX), which was developed for the ThreadX RTOS and opened in 2019 after being acquired by Microsoft, is limited to denial of service. The problem is caused by an error in parsing compressed DNS messages in the resolver implementation.

Among the tested network stacks in which no vulnerabilities related to the compression of repeated data in DNS messages were found, the following projects are named: lwIP, Nut/Net, Zephyr, uC/TCP-IP, FreeRTOS+TCP, OpenThread and FNET. Moreover, the first two (Nut/Net and lwIP) do not support compression in DNS messages at all, while the others implement this operation without errors. In addition, it is noted that the same researchers had previously identified similar vulnerabilities in Treck, uIP and PicoTCP.

source: budenet.ru
